E-Stop Resetting Strategies

Birket Engineering News, Sept/Oct 1994 (U)

Regardless of how simple or complex a control system is, it is fully dependent on a good E-Stop logic circuit for it safety. An E-Stop chain can be as simple as having only one component in the chain or multiple components of different types such as switches, relay contacts, limit switches, etc. Regardless of how complex the E-Stop chain is, it takes a special procedure to reset all the components in the chain and consequently powering up the E-Stop bus. This article will describe in some detail some of the most common techniques used to reset the E-Stop bus in a safe and dependable manner.

Figure 1 shows some of the most common devices to be part of an E-Stop logic circuit. I will briefly describe the objective of each device and to recover once it is tripped.

Figure 1

(Figure 1)


E-Stop Switch: It is understood that this type of switch is provided in a system as an operator interface to interfere when a condition requires that the system be stopped. The resetting procedure for a manual switch is simple and it is mostly up to the operator to ensure that, in the first place, the problem that caused the E-Stop has been corrected and that the area around the machine is clear. The switch is reset by pulling the operator. In a processor based system this switch must also have a secondary contact monitored as an input.

Over Travel Limit Switch (O.T.): This type of switch goes untested for very long periods of time since the objective of the system is to never reach an over travel condition any way. When an O.T. switch is tripped, a special procedure is required to reset the E-Stop bus since this contact is not closed until the system is returned to its normal state. A common way to recover from an O.T. condition is to install a momentary push button in parallel with the O.T. switch as shown in figure 1. This switch is then used in conjunction with the reset switch to energize the E-Stop bus. If the system is processor based an input from the bypass switch may have to be connected to allow a software bypass as well as a hardware bypass. It goes without saying that a resetting of an O.T. switch must not be attempted without first correcting or at least investigating the condition that caused the system to reach this state.

Phase Rotation and Phase Loss Monitor: Systems that operate machinery running on three phase power may have phase rotation or phase loss detection circuits. Although this wiring will not be altered on a regular basis after installation, it is important to keep it well monitored to avoid damage to the equipment or simply equipment malfunction. What these devices do is that they ensure that during installation and test and adjust, or after equipment replacement the E-Stop bus cannot be powered until all three phase circuits have been properly wired. Phase loss detection is included here but depending on the type of equipment, it may only be required to start a soft shut down of the affected machine and not the entire system. In this case the monitor would simply be an input to the processor. Causes of loss of a phase could be a blown fuse, tripped circuit breaker or even a burned wire due to overheating. All these conditions must be corrected before attempting to re-power the system. These devices do not need a resetting procedure since they reset when the offending cause is corrected.

Processor Watch Dog Timer (W.D.T.): In some applications where a processor is used, it may be required to use a W.D.T. relay in order to detect processor malfunction. This device must receive a constant pulse of at least 1 Hz frequency from a processor output bit. While the signal is being received as an input the device will keep its dry contact closed. This device must be such that if the input signal were to latch in a high state or a low state it would trip and open the dry contact. Resetting of this device takes place automatically as soon as the processor outputs are re-started. This implies that what ever condition caused the processor to malfunction must be corrected before re-starting the system.

Pressure, Temperature, Level and other sensors: These are typical sensors used in hydraulic applications. in most cases these will be over-range monitors and therefore they will not be tripped during normal operation. It may be convenient in some cases to provide for means to periodically test these devices to ensure that they are operating properly and most importantly that they have not been jumpered. In the case that they are tripped because of system error an E-Stop will be invoked and the system will stop. The system must be such that when stopped it will allow these sensors to be restored to their normal operating range.

System Reset: There are two ways of resetting the E-Stop bus once all field E-Stop conditions have been cleared. The most typical and used in systems with no processor controlled is strictly hardware oriented and it consists of connecting a Reset switch across the latching contact of the E-Stop relay. This technique is acceptable for small systems that do not have many E-Stop causing conditions but it most not be used in large systems where the processor monitors critical conditions that because of their nature do not belong in the E-Stop bus. If some of these conditions were not satisfactory to the processor but the processor does not have a vote in the E-Stop chain, the E-Stop bus could be reset by simply pressing the reset switch. What makes this technique inappropriate for large systems is that a device can be jumpered undetected and by simply pressing the reset switch the E-Stop bus can be activated indefinitely even if the E-Stop relay doesn’t latch.

The second technique is based on the processor having the final vote in the E-Stop chain. In this logic the E-Stop bus is never energized even by pressing the reset switch. The reset switch becomes an input to the processor instead of a hardware device across the E-Stop chain. Only when the processor has tested that all E-Stop conditions are valid and the reset switch is pressed will it close the contact that latches the E-Stop chain. During running mode it takes opening any of the contacts across the E-Stop chain or triggering any of the critical inputs to the processor to open the processor vote and turn off the E-Stop bus.